On Wed, Jan 18, 2006 at 02:32:16PM -0500, Hugo Villeneuve wrote:
| On Wed, Jan 18, 2006 at 10:29:34AM -0600, eric wrote:
| > On Wed, 2006-01-18 at 00:18:23 -0600, Travers Buda proclaimed...
| >
| > > I'm suggesting it as the default behavior. Ya' know, secure by default.
| >
| > hostname.if(5) supports eui-64 directives.
|
| eui64 fills the lower 64 bits the same way auto-configuration does
| it. It has nothing to do with random.
|
| It basically allows you to specify the network and have the interface
| part filled for you. Like if you didn't want to run rtadvd(8) on
| your network.
|
| For me, that's how I give a real ipv6 address to the interface
| rtadvd is listening on.
|
| Not that I care about random data in the interface part. In fact,
| I would find it quite annoying if my ipv6 address were changing at
| every reboot. Like DNS wise.

Reading RFC3041 on Privacy Extensions for Stateless Address Autoconfiguration in IPv6, in chapter 3 it clearly states that you still have a fixed IP address (eui64) configured on your interface for incoming connections. Only outgoing connections should be set up from the temporary addresses (that should be used for hours to days). After deprecating a random address, existing connections will continue working until such a time that all these connections end.

With that being said, I still find the random addresses such as those used by recent Microsoft IPv6 stacks very annoying. If I'd want to keep my MAC address to myself, I'd probably just use a 'fixed' address (<network>:dead:beef:cafe:babe/64) or, better yet, just spoof a MAC address (using the lladdr option to ifconfig) - this way even folks on the same broadcast domain couldn't pinpoint me by MAC (another fruitless attempt at privacy, with pcmcia NICs (and thus "new" MAC/IPv6-addresses) costing almost EUR 10 at the local hardware outlet).

I'd just stop obsessing over a feature that adds only marginally to your privacy and/or security (since it adds code, it probably adds bugs thereby decreasing security). If it's really such a big deal, simply cough up a few diffs and I'd be willing to try them out.

Cheers,

Paul 'WEiRD' de Weerd

--
>++++++++[<++++++++++>-]<+++++++.>+++[<------>-]<.>+++[<+
+++++++++++>-]<.>++[<------------>-]<+.--------------.[-]
http://www.weirdnet.nl/
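
The two kinds of interface identifier discussed in this thread, as an added example that is not part of the original messages: the EUI-64 identifier that embeds the MAC address, and one iteration of the RFC 3041 section 3.2.1 procedure that derives a temporary identifier from a history value. The function names are illustrative, and the prefix and MAC address are constructed sample values.

```python
import hashlib
import ipaddress
import os

def eui64_iid(mac: str) -> bytes:
    """Modified EUI-64 interface identifier derived from a 48-bit MAC."""
    b = bytes.fromhex(mac.replace(":", ""))
    if len(b) != 6:
        raise ValueError("expected a 48-bit MAC address")
    # Flip the universal/local bit and insert ff:fe between OUI and NIC part.
    return bytes([b[0] ^ 0x02]) + b[1:3] + b"\xff\xfe" + b[3:]

def rfc3041_step(history: bytes, stable_iid: bytes):
    """One iteration of RFC 3041 section 3.2.1: (temporary_iid, next_history)."""
    digest = hashlib.md5(history + stable_iid).digest()
    # Left 64 bits become the identifier, with bit 6 (the u/l bit) cleared.
    temp = bytes([digest[0] & 0xFD]) + digest[1:8]
    # Right 64 bits are saved as the history value for the next iteration.
    return temp, digest[8:]

def address(prefix: str, iid: bytes) -> ipaddress.IPv6Address:
    """Combine a /64 prefix with a 64-bit interface identifier."""
    net = ipaddress.IPv6Network(prefix)
    if net.prefixlen != 64 or len(iid) != 8:
        raise ValueError("expected a /64 prefix and a 64-bit identifier")
    return net[int.from_bytes(iid, "big")]

def mac_from_iid(iid: bytes):
    """Recover the MAC from an EUI-64 identifier; None without the ff:fe marker."""
    if iid[3:5] != b"\xff\xfe":
        return None
    b = bytes([iid[0] ^ 0x02]) + iid[1:3] + iid[5:]
    return ":".join(f"{x:02x}" for x in b)

if __name__ == "__main__":
    prefix = "2001:db8:1:2::/64"   # constructed: documentation prefix
    mac = "00:11:22:33:44:55"      # constructed MAC address
    stable = eui64_iid(mac)
    print("fixed (incoming):", address(prefix, stable), "MAC:", mac_from_iid(stable))
    history = os.urandom(8)        # initial history value when none is stored
    for n in range(3):
        temp, history = rfc3041_step(history, stable)
        print(f"temporary #{n}:", address(prefix, temp), "MAC:", mac_from_iid(temp))
```
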